QUESTION 21

Which option can be used to authenticate the IPsec peers during IKE Phase 1? 

A. Diffie-Hellman Nonce 

B. pre-shared key 

C. XAUTH 

D. integrity check value 

E. ACS 

F. AH 

Answer: B 
QUESTION 22 

Which single Cisco IOS ACL entry permits IP addresses from 172.16.80.0 to 172.16.87.255? 

A. permit 172.16.80.0 0.0.3.255 

B. permit 172.16.80.0 0.0.7.255 

C. permit 172.16.80.0 0.0.248.255 

D. permit 176.16.80.0 255.255.252.0 

E. permit 172.16.80.0 255.255.248.0 

F. permit 172.16.80.0 255.255.240.0 

Answer: B 
QUESTION 23 

You want to use the Cisco Configuration Professional site-to-site VPN wizard to implement a site-to-site IPsec VPN using pre-shared key.

Which four configurations are required (with no defaults)? (Choose four.) 

A. the interface for the VPN connection 

B. the VPN peer IP address 

C. the IPsec transform-set 

D. the IKE policy 

E. the interesting traffic (the traffic to be protected) 

F. the pre-shared key 

Answer: ABEF 
QUESTION 24 

Which two options represent a threat to the physical installation of an enterprise network? (Choose 
two.) 

A. surveillance camera 

B. security guards 

C. electrical power 

D. computer room access 

E. change control 

Answer: CD 
QUESTION 25

Which option represents a step that should be taken when a security policy is developed? 

A. Perform penetration testing. 

B. Determine device risk scores. 

C. Implement a security monitoring system. 

D. Perform quantitative risk analysis. 

Answer: D 
QUESTION 26 

Which type of network masking is used when Cisco IOS access control lists are configured? 

A. extended subnet masking 

B. standard subnet masking 

C. priority masking 

D. wildcard masking 

Answer: D 
QUESTION 27 

How are Cisco IOS access control lists processed? 

A. Standard ACLs are processed first. 

B. The best match ACL is matched first. 

C. Permit ACL entries are matched first before the deny ACL entries. 

D. ACLs are matched from top down. 

E. The global ACL is matched first before the interface ACL. 

Answer: D 
QUESTION 28 

Which type of management reporting is defined by separating management traffic from production 
traffic? 

A. IPsec encrypted 

B. in-band 

C. out-of-band 

D. SSH 

Answer: C 
QUESTION 29 

Which syslog level is associated with LOG WARNING? 

A. 1 

B. 2 

C. 3 

D. 4 

E. 5 
F. 6

Answer: D 
QUESTION 30 

In which type of Layer 2 attack does an attacker broadcast BPDUs with a lower switch priority?

A. MAC spoofing attack 

B. CAM overflow attack 

C. VLAN hopping attack 

D. STP attack 

Answer: D 
QUESTION 31 

Which security measure must you take for native VLANs on a trunk port? 

A. Native VLANs for trunk ports should never be used anywhere else on the switch. 

B. The native VLAN for trunk ports should be VLAN 1.

C. Native VLANs for trunk ports should match access VLANs to ensure that cross-VLAN traffic from 
multiple switches can be delivered to physically disparate switches. 

D. Native VLANs for trunk ports should be tagged with 802.1Q.

Answer: A 

QUESTION 32 

Refer to the exhibit. 
***Exhibit is Missing*** 

Which switch is designated as the root bridge in this topology? 

A. It depends on which switch came on line first. 

B. Neither switch would assume the role of root bridge because they have the same default priority. 

C. switch X 

D. switch Y 

Answer: C 
QUESTION 33 

Which type of firewall technology is considered the versatile and commonly used firewall 
technology? 

A. static packet filter firewall 

B. application layer firewall 

C. stateful packet filter firewall 

D. proxy firewall 

E. adaptive layer firewall 

Answer: C 
QUESTION 34 
Which type of NAT is used where you translate multiple internal IP addresses to a single global,
routable IP address? 

A. policy NAT 

B. dynamic PAT 

C. static NAT 

D. dynamic NAT 

E. policy PAT 

Answer: B 
QUESTION 35 

Which Cisco IPS product offers an inline, deep-packet inspection feature that is available in 
integrated services routers? 

A. Cisco iSDM 

B. Cisco AIM 

C. Cisco IOS IPS 

D. Cisco AIP-SSM 

Answer: C 
QUESTION 36 

Which three modes of access can be delivered by SSL VPN? (Choose three.) 

A. full tunnel client 

B. IPsec SSL 

C. TLS transport mode 

D. thin client 

E. clientless 

F. TLS tunnel mode 

Answer: ADE 
QUESTION 37 

During role-based CLI configuration, what must be enabled before any user views can be created? 

A. multiple privilege levels 

B. usernames and passwords 

C. aaa new-model command 

D. secret password for the root user 

E. HTTP and/or HTTPS server 

F. TACACS server group 

Answer: C 
QUESTION 38 

Which three statements about applying access control lists to a Cisco router are true? (Choose 
three.) 
A. Place more specific ACL entries at the top of the ACL.

B. Place generic ACL entries at the top of the ACL to filter general traffic and thereby reduce "noise" on 
the network. 

C. ACLs always search for the most specific entry before taking any filtering action. 

D. Router-generated packets cannot be filtered by ACLs on the router. 

E. If an access list is applied but it is not configured, all traffic passes. 

Answer: ADE 
QUESTION 39 

When port security is enabled on a Cisco Catalyst switch, what is the default action when the 
configured maximum number of allowed MAC addresses value is exceeded? 

A. The port remains enabled, but bandwidth is throttled until old MAC addresses are aged out. 

B. The port is shut down. 

C. The MAC address table is cleared and the new MAC address is entered into the table. 

D. The violation mode of the port is set to restrict. 

Answer: B 
QUESTION 40 

Which three statements about the Cisco ASA appliance are true? (Choose three.) 

A. The DMZ interface(s) on the Cisco ASA appliance most typically use a security level between 1 and 99. 

B. The Cisco ASA appliance supports Active/Active or Active/Standby failover. 

C. The Cisco ASA appliance has no default MPF configurations. 

D. The Cisco ASA appliance uses security contexts to virtually partition the ASA into multiple virtual firewalls. 

E. The Cisco ASA appliance supports user-based access control using 802.1x.

F. An SSM is required on the Cisco ASA appliance to support Botnet Traffic Filtering. 

Answer: ABD 